Knowledge section of AAA – (LEARN)
Sec A: Regulatory environment
Responsibilities regarding laws and regulations
Management:
- Ensure compliance with all laws and regulations
- Internal control to prevent, detect and report non-compliance
External Auditor:
- CANNOT prevent non-compliance and CANNOT detect all non-compliance
- Needs to fully understand the legal and regulatory environment of the client.
- Perform procedures to identify non-compliance which might have a direct or indirect
effect on the FS.
- Perform procedures on suspected non-compliance
- Understand the nature of reporting for suspected non-compliance.
Procedures to identify non-compliance:
A- Enquiry from mgt/TCWG
B- Confirmation from the legal advisor
C- Inspection of the board minutes to identify any non-compliance
D- Inspection of correspondence with regulatory licensing authorities
E- Get written representation that all suspected or identified non-compliance has been
disclosed to the auditors and the effects are recorded in the FS.
Reporting the identified or suspected non-compliance:
1- TCWG or audit committee
2- To shareholders through audit report
3- External authorities if needed (Confidentiality will be ignored if public interest is involved
or required by law)
4- Get legal advice if needed.
Process of money laundering:
1- Placement
2- Layering
3- Integration
What can auditors do if money laundering is suspected?
1. Firm’s anti-money laundering program
2. Be alert to risk of money laundering
3. Appropriate reporting to MLRO
4. Ensure no tip-off
Client’s policies & procedures regarding Money laundering:
1- Appointment of Money laundering reporting officer (MLRO)
2- Internal reporting
3- Reporting suspicions to MLRO
4- MLRO responsibilities and legal obligations
Sec B: Ethical considerations
Fundamental ethical principles (Breached in scenario):
- Integrity (To be straightforward and honest in all professional and business relationships)
- Objectivity (To not allow bias, conflict of interest or undue influence of others to override
professional or business judgments)
- Professional competence and due care (To maintain professional knowledge and skill at
the level required and to act diligently)
- Professional behavior (To comply with relevant laws and regulations and avoid any action
that discredits the profession)
- Confidentiality (To respect the confidentiality of information and not disclose the same)
Ethical threats (present in the scenario):
- Self-interest threat (An accountant has a financial or personal interest in the outcome,
which could influence their judgment.)
- Self-review threat (An accountant is required to evaluate their own work or work
performed by others in their company.)
- Familiarity threat (An accountant develops a close relationship with the client, leading to
a loss of objectivity.)
- Intimidation threat (An accountant is pressured or threatened by the client, leading to a
compromise in their objectivity.)
- Advocacy threat (An accountant promotes or advocates for a client’s position to the point
that their objectivity is compromised)
- Management responsibility threat (An audit firm should not assume a management
responsibility for an audit client)
Fraud
Types of fraud:
1- Fraudulent FR (Fake entries)
2- Misappropriation of assets (misuse of assets, theft)
Once fraud is identified then the auditor must: (LEARN)
- Increase substantive testing in that area
- Indication of weak internal control systems (ICS)
- Question management integrity?
- Consider impact on other areas
- Increase professional skepticism
Sec C: Practice management
(Quality management, obtaining and accepting new clients)
The word practice means the audit firm
ISQM 1 – Quality Management for Firms that Perform Audits or Reviews of Financial
Statements
• Objective: Establishes a firm-wide system of quality management (SQMS) for audit and
review engagements.
• Scope: Applies to all firms performing audits or reviews of financial statements.
The firm’s system of quality control should include:
1- The firm’s risk assessment process
2- Governance and leadership
3- Relevant ethical requirements
4- Acceptance and continuance of client relationships and specific engagements
5- Engagement performance
6- Resources
7- Information and communication
8- The monitoring and remediation process
ISQM 2 – Engagement Quality Reviews (EQR)
• Objective: Specifies requirements for Engagement Quality Reviews (EQRs) for high-risk
audit engagements.
• Scope: Applies only to specific audit engagements deemed high-risk (e.g., listed entities,
public interest entities).
• ISQM 1 is about overall firm quality management.
• ISQM 2 is about specific quality reviews for high-risk audits.
Code of ethics-1: EQCR can conduct review for 7 cumulative years – 3 years cooling off period.
ISQM-2: engagement partner can become the EQ reviewer after 2 years of cooling off period.
Both standards work together to enhance audit quality, with ISQM 1 setting the firm-wide
framework and ISQM 2 ensuring extra scrutiny on critical audits.
Aspect | ISQM 1 | ISQM 2
Scope | Firm-wide quality management (applies to all audit/assurance work). | Engagement-level quality management (applies to audits/reviews of financial statements).
Objective | Ensures the entire firm has a system to deliver high-quality audits. | Ensures individual engagements comply with standards and are properly reviewed.
Key Focus | Governance, resources, risk assessment, monitoring. | Engagement partner accountability, independence, supervision, and reviews.
ISA to refer: ISA 220
Obtaining new clients
Advertisement
The purpose of advertisement is to spread awareness among clients, not to impress them with
extraordinary claims.
Tendering:
In tender, the firm will give a brief introduction about themselves and then it will address the
needs of the client and how the firm will perform the assurance engagement.
Contents of tender documents are:
- Brief outline of firm
- Specialism of firm
- Prospective client: Identify needs
- Outline proposed approach (Audit stages, use of ISAs)
- Quality control procedures
- Communication with TCWG
- Timeframe
- Key staff and resources
- Proposed fee
- Additional non-assurance services which the firm can offer (subject to ethical
requirements and are separate from the audit service)
Factors to consider when accepting new clients / Client continuation:
- Independence, conflict of interest
- Resources
- Scale of engagement (national or global)
- Management integrity
- Commercial considerations (fee level)
- KYC (know your client)
- Risk (Pure scenario based)
- Professional liability implications
- Professional etiquette letter (clearance from outgoing auditor)
- Pre-conditions of audit (mgt acknowledgement of responsibility, presence of suitable FW)
System of internal control during audit
What does the external auditor do on the internal controls?
1- Understand the systems
2- Document the understanding of systems
3- Test the systems for two things:
- Design deficiencies
- Operating effectiveness (test of controls)
4- Report significant deficiencies to TCWG (Deficiency + Impact + recommendation)
5- Decide extent of substantive testing (if weak ICS, more substantive testing)
When the external auditor finds deficiencies in the client’s system, what do they need to do next?
1- Update the documented system notes
2- Increase system testing in that area
3- Increase substantive testing at the next stage in that area
4- Be aware that this could indicate a weak control environment
5- Report significant deficiencies to TCWG
Sec D: Audit planning
Comprises:
1- Audit strategy
2- Audit plan
Audit strategy (overall approach to audit)
1- Understanding the client
2- Risk assessment
3- Materiality (ISA 320)
- PBT: 5% - 10%
- TA: 1% - 2%
- REV: 0.5% - 1%
4- Scope, timing and direction
Audit plan (detailed implementation of strategy)
1- Description of risk assessment procedures
2- Description of further audit procedures
Risk includes:
- Business risk (Faced by the client)
- Audit risk (Faced by the auditor)
Business risk:
Risk that arises from significant conditions, events, circumstances, actions or inactions that could
adversely affect an entity’s ability to achieve its objective and execute its strategies.
When describing business risks, remember to explain the impact it will have on the company i.e.
impact on profit or cash flows.
Indicators:
- Negative impact on business
- Cashflow issues
- Reputational issues
- Legal/compliance issues
Audit risk:
Risk that the auditor expresses an inappropriate opinion when the financial statements are
materially misstated.
Components of audit risk:
- Risk of material misstatement (ROMM)
- Detection risk (DR)
Risk of material misstatement (ROMM):
ROMM is the risk that the financial statements are materially misstated prior to the audit.
Examples:
- IAS / IFRS – Accounting Standards
- Weak Internal Controls around F/S
Detection risk (DR):
Detection risk is risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material.
Examples:
- New Audit Client
- Time Pressure
- Lack of resources
- Use of 3rd party services by the client
Risk of material misstatement (ROMM) consists of:
1- Inherent risk (IR)
2- Control risk (CR)
Group audits
Approach to group audits:
1- Understand the group and its components (Subsidiary, JV, associate or product division)
2- Understand who the component auditors are (Network firms / Other firms)
3- Engagement team = Group auditor + Component auditors
4- Understand how group manages info transmitted by components.
5- Audit of component needs to be conducted – group auditor or component auditor
6- Group auditor will set component materiality (component materiality should be less than
consolidated FS materiality)
Remember that Group auditor excludes component auditor and Engagement team includes
component auditor!
Audit procedures / Evidence:
Assertions: Promises made by the mgt
SPL: Occurrence, classification, cut-off, completeness, accuracy, presentation.
SFP: Rights & obligations, existence, valuation, accuracy, completeness, presentation.
Good procedure? = presence of mind + TECHNIQUE
VERB (Discuss, analyze, investigate, compare, recalculate, assess, obtain, review etc.) + (The
document / Account balance) -------- 0.5 mark ------ WHY? --- 0.5 mark
Example: Recalculate the depreciation charge of PPE to verify the accuracy.
Evidence (SAAE):
Information used by auditors to support their opinion on financial statements.
Key Characteristics:
1. Sufficient – Quantity (e.g., sample size) must be adequate.
2. Appropriate – Quality (relevance & reliability) must support conclusions.
Example: bank confirmation letter directly from the client’s bank verifying cash balance.
Procedures for gathering evidence:
1- Inspection (documents or tangible NCA)
2- Inquiry (Discuss with Mgt, internal auditors on assumptions used)
3- External confirmations (Documented – Company’s letterhead – firm’s address)
4- Recalculation (0.5 mark per one figure)
5- Re-performance (BRS, supplier aging)
6- Analytical procedures (comparisons with past/budgets or industry average)
7- Observation (Generally a Test of control – Very rare in AAA)
Using the work of an expert:
1- Objectivity should be evaluated (Interest or relationship with client)
2- Competence should be evaluated (Experience, reputation, professional certification)
3- Scope of work that auditor has agreed with the expert (When auditor is using his own
expert) – (Objectives, assumptions used)
4- Relevance of conclusions (Source data used, appropriateness of assumptions, methods)
Reminder: The auditor can’t refer to the use of expert’s work in the audit report.
Auditor’s work on the outsourced area:
1- Obtain an understanding of the nature of services provided by the service organization
(mgt discussion)
2- Study the contract between the service org and the client, and see if the auditor has the right to
access the service org’s internal control.
3- Consider internal controls applied by the client to transactions processed by the service.
4- Consider materiality of the transactions processed
5- The auditor can visit the service organization and perform procedures that will provide
the necessary information about the relevant controls at the service organization.
6- The auditor can ask for a report on internal control from the service organization’s auditor,
which can be either a TYPE 1 or a TYPE 2 report.
- TYPE 1: Report on design of internal controls only
- TYPE 2: Report on design + operating effectiveness of internal controls (TOC)
The user auditor shall not refer to the work of a service auditor!
Internal auditor’s direct assistance on external audit:
Allowed if:
1- Allowed by laws and regulations
2- Evaluate threats to objectivity of internal auditors (Any threat? If yes, how significant?)
3- Evaluate competence of internal auditors
Then:
4- Obtain a written representation from the client
5- Written agreement from internal auditor (confidentiality)
6- NOT allowed for judgmental or risky areas!
Reminder: Cannot refer to the use of work of Internal auditor in the audit report!
Audit work on other information in documents containing audited F/S:
Example of other information are chairman’s statement or director’s commentary on
performance.
Opinion is only given on F/S, not on annual report/Integrated report
Steps:
1- Read all other information in the annual report / Integrated report
2- Identify material inconsistencies with F/S (Clashes with Other info and F/S)
3- If material inconsistency discovered, identify whether the issue is in the F/S or other info
a- If in the F/S and amendments are not made, Opinion might be affected
b- If in the other info and changes are not made by the mgt, mention in the paragraph
dedicated to other information in the audit report.
4- If material inconsistency of fact (Unrelated to F/S), Communicate to TCWG.
Sec E: Completion, Review and reporting
Review consists of:
- Going concern
- Subsequent events
- Overall review of F/S
Going concern review:
Responsibilities of management:
1- Make an assumption on GC
2- To give adequate disclosures regarding GC in F/S
3- To ensure F/S are accurately amended if business is not GC
Responsibilities of Auditors:
1- Evaluate mgt’s assumption regarding GC.
2- Analyze business info for indicators that suggest that business is not GC
3- Apply procedures to confirm indicators
4- Report findings accordingly.
Audit procedures on going concern: (Learn and write anyway in a GC procedure Q)
1- Evaluate mgt’s assessment (A: Process followed to make assessment, B: Assumptions, C:
Future plans)
2- Read minutes of meetings: look for any current, or potential, CF difficulties?
3- Review post year end mgt accounts (Any liquidity issues?)
4- Review CF forecast (sufficient cash to continue operations next year?)
5- Review other forecasts and budgets – Sales / Profit
6- Confirming existence, terms and adequacy of borrowing facilities
7- Review events after the reporting period to identify those that affect the entity’s ability
to continue as a GC
8- Requesting written representations from mgt regarding their plans for future action and
the feasibility of these plans.
Subsequent events: (IAS 10)
Adjusting event -> conditions existed at Y/E -> Double entry required in F/S
Non-adjusting event -> No conditions existed at Y/E -> If Material -> Disclosure in Y/E F/S
Non-adjusting event -> Affects GC -> Y/E F/S prepared on breakup basis.
Auditors’ responsibilities:
Enquire from Mgt their process to identify subsequent events
Post year-end board minutes, mgt reports
Normal post-year end work
- Receivables: Post year-end receipts
- Inventory: Post year-end sales invoices
Lawyers’ correspondence for decisions on pending law suits
GC affected? After event identified -> Consider if GC needs to be confirmed
If subsequent events are identified:
Enquire from mgt what amendments are done and which areas of F/S adjusted?
After amendment: New procedures and new report
If Mgt does not amend: All possible actions to ensure no reliance on report by 3rd parties.
Overall review of F/S:
1- Checklists (acc standards, laws & regulations)
2- Working papers reviewed to ensure SAAE has been gathered, acc policies are consistent,
appropriate and conclusions based on proper audit procedures.
3- Final analytical procedures
A- Planning - To facilitate knowledge of business (KOB) + risk assessment
B- Substantive stage – test various assertions
C- Review – we understand variances better
D- Overall conclusion
4- Ensure adequacy and completeness of disclosures
5- Review consistency of F/S with other info in the annual report
6- Obtain written representation that all supporting documents are given to auditor
Audit opinion:
Imp terms
2 types of issues encountered by auditors in F/S:
1- Misstatement – double entry, Disclosure issues
2- Inability to gather SAAE – Mgt imposed limitation, genuine reasons
Types of misstatements:
1- Factual – Breach of IFRS/IAS
2- Judgmental – Estimation related differences
3- Projected – (Extrapolate the misstatement to assess the impact on population)
Issues in F/S could be:
- Immaterial – Less than materiality levels
- Material – by nature or by amount
- Pervasive - problem in one area but changes the outlook of F/S – turns profit into loss
- Related to a disclosure fundamental to users understanding of F/S
Opinion:
- Unqualified / Clean
- Modified
Unqualified / Clean:
In our opinion, F/S present a true and fair view
➔ All material misstatements have been adjusted
➔ Remaining misstatements are immaterial in isolation and when aggregated.
Modified opinion consists of:
- Qualified (QEF) – Material misstatement or inability to gather SAAE in material area
- Adverse – When material and pervasive misstatement in F/S (affects more than 60% of F/S)
- Disclaimer – When auditor is unable to gather SAAE in material & pervasive area
Audit report – Format and contents
Matters to be communicated to TCWG
1- The auditor’s responsibilities in relation to F/S
2- Planned scope and timing of audit
3- Significant findings from the audit – Communicated to audit committee
4- A statement on independence issues affecting the audit (For listed clients only) – any
ethical issues + safeguards
Key audit matters
- Only for listed client
- Mandatory paragraph in audit report of listed client
- Are selected from matters communicated to TCWG
Steps to determine a KAM:
1- Areas of higher assessed ROMM or significant risks identified in accordance with ISA-315
2- Significant auditor judgements in F/S involving mgt judgment which are of high estimated
uncertainty
3- The effect on the audit of significant events occurred during the period.
Communicating KAM once determined:
Why the matter was determined as KAM?
How the matter was addressed in the audit
Audit report consists of:
1- Unmodified opinion
Unchanged from format prescribed by ISAs
No changes to words in report
No additional paras
Only given when the opinion is clean, because of the pre-set wording of a clean opinion.
2- Modified opinion (changed)
1- Changes in opinion
Words in opinion & basis for opinion will be modified to reflect modified
opinion.
2- Additional paragraphs consist of:
1- Material uncertainty re GC
Only added when there is a material uncertainty and it is properly
disclosed in F/S.
2- Other matter paragraph
Only added when comparatives in F/S are not audited or audited by
different auditors
3- Emphasis of matter paragraph (only for unlisted Co)
Added to draw SH’s attention to CORRECTLY given disclosures related
to:
1- Breakup basis used to prepare F/S
2- Material law suits
3- Material non-adjusting events
Unmodified auditor’s report on F/S prepared in accordance with a fair presentation framework:
1- Title -> Statutory auditor’s report / Y/E / Client’s name
2- Addressee -> Shareholders / Owners
3- Opinion -> Pre-set words for unmodified / Clean opinion
4- Basis for opinion -> Pre-set words for SAAE gathered
5- Key audit matters (KAM) -> Only for listed Co – Selected from matters communicated to
TCWG
6- Other info in the document containing the F/S (Director’s commentary)
7- Responsibilities of Mgt & TCWG (For the prep of F/S, ICS over FR)
8- Auditor’s responsibilities for audit of F/S (Opinion, SAAE, Ethical code, Local laws)
9- Report on other legal and regulatory requirements (Differs from country to country)
10- Engagement partner’s name
11- Signatures
12- Auditor’s address (Firms)
13- Date
Impact of various issues on the audit report (placement of Paras):
1- Title
2- Addressee
3- Opinion: If modified, Headings changes to name of modified opinion, Wording of opinion
changes
4- Basis for opinion: If modified, heading changes to basis for qualified/Adverse/Disclaimer;
Need to explain nature, amount, impact of issue and the relevant accounting standard.
5- If needed, material uncertainty re. going concern para will be placed here
6- KAMs
7- If needed, EOMP can be placed either here or before KAM (depends on nature of issue &
auditor’s judgement).
8- If needed, OMP will be placed here (Always after KAM)
9- Other info in the documents containing the F/S: any uncorrected inconsistencies in other
info will be explained here (Rev growth 20% Mgt claimed, Actual 5% growth discovered)
10- Responsibilities of mgt & TCWG
11- Auditor’s responsibilities for audit of F/S
12- Report on other legal and regulatory requirements
13- Engagement partner’s name
14- Signatures
15- Auditor’s address
16- Date
Impact of going concern on audit report
Going concern:
1- Uncertain
Adequate disclosure given
➔ Unmodified / Clean opinion
➔ Modified report – MUGC before KAM
Disclosure inadequate
➔ Qualified opinion + Modified audit report – Headings and contents of
opinion + Basis for opinion will change
2- Assumption incorrect
F/S prepared on break up basis
➔ Unmodified / Clean opinion
➔ Audit report modified -> EOMP
F/S not prepared on breakup basis
➔ Adverse opinion
➔ Audit report -> Modified -> changes to headings + contents of opinion &
basis for opinion para.
Critically evaluate an audit report extract
Recommended steps / sequence:
1- Is the type of opinion, correct?
2- Opinion and basis for opinion para headings, correct?
3- Placement of opinion and basis for opinion, correct?
4- Basis for opinion (All FOUR of these mentioned correctly? Nature, Amount, impact, IFRS)
5- Additional paras
- Evaluate if needed?
- If yes, content and placement, correct?
- MUGC placed before KAM
- EOMP placed before / After KAM
- OMP placed after KAM
6- KAM (Only for listed clients)
- Criteria met for KAM?
- Introduction given?
- Does it mention WHY it is a KAM?
- Does it mention HOW each KAM was addressed in audit report?
- Placement of the paragraph, correct?
7- Any other changes to the audit report?
8- Unprofessional wording?